vim/0001-patch-8.2.4217-illegal-memory-access-when-undo-makes.patch
Zdenek Dohnal 71d1d36ac8 CVE-2022-0368 vim: Out-of-bounds Read in vim
Resolves: CVE-2022-0368
2022-02-09 09:55:42 +01:00

56 lines
1.5 KiB
Diff

From 8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 25 Jan 2022 18:24:00 +0000
Subject: [PATCH] patch 8.2.4217: illegal memory access when undo makes Visual
area invalid
Problem: Illegal memory access when undo makes Visual area invalid.
Solution: Correct the Visual area after undo.
---
src/testdir/test_visual.vim | 15 +++++++++++++++
src/undo.c | 2 ++
src/version.c | 2 ++
3 files changed, 19 insertions(+)
diff --git a/src/testdir/test_visual.vim b/src/testdir/test_visual.vim
index 9b322fd21..b2beda08d 100644
--- a/src/testdir/test_visual.vim
+++ b/src/testdir/test_visual.vim
@@ -1339,5 +1339,20 @@ func Test_visual_ex_copy_line()
bwipe!
endfunc
+" This was leaving the end of the Visual area beyond the end of a line.
+" Set 'undolevels' to start a new undo block.
+func Test_visual_undo_deletes_last_line()
+ new
+ call setline(1, ["aaa", "ccc", "dyd"])
+ set undolevels=100
+ exe "normal obbbbbbbbbxbb\<Esc>"
+ set undolevels=100
+ /y
+ exe "normal ggvjfxO"
+ undo
+ normal gNU
+ bwipe!
+endfunc
+
" vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/undo.c b/src/undo.c
index 4d186d453..636144aef 100644
--- a/src/undo.c
+++ b/src/undo.c
@@ -3029,6 +3029,8 @@ u_undo_end(
}
}
#endif
+ if (VIsual_active)
+ check_pos(curbuf, &VIsual);
smsg_attr_keep(0, _("%ld %s; %s #%ld %s"),
u_oldcount < 0 ? -u_oldcount : u_oldcount,
--
2.34.1